Digital rights management provision apparatus, system, and method

ABSTRACT

Provided is digital rights management (DRM) provision technology, and more particularly, are an apparatus, system, and method which can easily provide content using one or more DRM systems. A DRM provision apparatus includes a content download unit which downloads encrypted real content and dummy content from a download server and which manages the downloaded real content and dummy content; a license management unit which manages a license issued by a license server; and a processing unit which manages the downloaded real content and dummy content and the issued license.

This application claims priority from Korean Patent Application No.10-2007-0020390 filed on Feb. 28, 2007 in the Korean IntellectualProperty Office and U.S. Provisional Patent Application No. 60/852,992filed on Oct. 20, 2006 in the United States Patent and Trademark Office,the disclosures of which are incorporated herein by reference in itsentirety.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to digital rights management (DRM)provision technology, and more particularly, to an apparatus, system,and method which can easily provide content using one or more DRMsystems.

2. Description of the Related Art

Generally, digital rights management (DRM) technology protects andmanages the rights of digital content creators. According to the DRMtechnology, a content provision server stores content in an encryptedform and provides encrypted content and key information required todecrypt the encrypted content to a user when the user makes a requestfor purchasing the encrypted content. The DRM technology defines thenumber of times that digital content can be played back, whether or notthe digital content can be duplicated, the number of times the contentcan be duplicated, and the like.

DRM functions are largely divided into the following: the protection ofdigital content, the management of usage rules of the digital content,and the management of a billing system. In order to protect digitalcontent, the DRM technology encrypts the digital content and thusprevents the illegal distribution or use of the digital content in allstages (i.e., creation, distribution, use, and disposal) of its lifecycle. In addition, the DRM technology enables only an authorized userwith an encryption key to decrypt and use encrypted content. Therefore,even if the encrypted content is illegally distributed, it cannot beused without the encryption key.

However, DRM technologies (such as Microsoft (MS) DRM and Open MobileAlliance (OMA) DRM) developed by various developers are not compatiblewith each other. That is, a DRM structure developed by a developer runson hardware or software that supports the DRM structure of thedeveloper, but not on other platforms. Therefore, a user has to purchasedifferent hardware or software that supports each DRM.

In this regard, there is a need for a technology that can play backcontent to which different DRM standards developed by various developershave been applied, on any host device.

SUMMARY OF THE INVENTION

It is an aspect of the present invention to implement a contentprovision system using one or more digital rights management (DRM)systems.

However, the aspects of the present invention are not restricted to theone set forth herein. The above and other aspects of the presentinvention will become more apparent to one of ordinary skill in the artto which the present invention pertains by referencing a detaileddescription of the present invention given below.

According to an aspect of the present invention, there is provided a DRMprovision apparatus including a content download unit downloadingencrypted real content and dummy content from a download server andmanaging the downloaded real content and dummy content; a licensemanagement unit managing a license issued by a license server; and aprocessing unit managing the downloaded real content and dummy contentand the issued license.

According to another aspect of the present invention, there is provideda DRM provision system including a packaging server performing a firstpackaging process and a second packaging on unencrypted real content andgenerating encrypted real content and dummy content; a download serverdownloading the encrypted real content and the dummy content; a licenseserver generating and issuing a license for the encrypted real content;and a DRM provision apparatus receiving and managing the encrypted realcontent, the dummy content, ad the license.

According to another aspect of the present invention, there is provideda DRM provision method including receiving encrypted real content anddummy content; and receiving a license issued for the encrypted realcontent.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other features and advantages of the present inventionwill become more apparent by describing in detail exemplary embodimentsthereof with reference to the attached drawings in which:

FIG. 1 illustrates a digital rights management (DRM) provision systemaccording to an exemplary embodiment of the present invention;

FIG. 2 illustrates a license binding structure of the DRM provisionsystem according to an exemplary embodiment of the present invention;

FIG. 3 illustrates the operation of a packaging server included in theDRM provision system according to an exemplary embodiment of the presentinvention;

FIG. 4 illustrates the structure of a DRM header in the DRM provisionsystem according to an exemplary embodiment of the present invention;

FIG. 5 illustrates the operation of downloading content using the DRMprovision system according to an exemplary embodiment of the presentinvention;

FIG. 6 illustrates the operation of receiving a license using the DRMprovision system according to an exemplary embodiment of the presentinvention;

FIG. 7 is a block diagram of a DRM provision apparatus included in theDRM provision system according to an exemplary embodiment of the presentinvention;

FIG. 8 is a block diagram of a portable storage device included in theDRM provision system according to an exemplary embodiment of the presentinvention;

FIG. 9 illustrates the operation of a host device included in the DRMprovision system according to an exemplary embodiment of the presentinvention; and

FIG. 10 illustrates the operation of receiving DRM content using a kioskincluded in the DRM provision system according to an exemplaryembodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention will now be described more fully with reference tothe accompanying drawings in which exemplary embodiments of theinvention are shown. The invention may, however, be embodied in manydifferent forms and should not be construed as being limited to theexemplary embodiments set forth herein; rather, these exemplaryembodiments are provided so that this disclosure will be thorough andcomplete, and will fully convey the concept of the invention to thoseskilled in the art. Like reference numerals in the drawings denote likeelements, and thus their description will be omitted.

Exemplary embodiments of the present invention will hereinafter bedescribed in detail with reference to the accompanying drawings.

FIG. 1 illustrates a digital rights management (DRM) provision system 10according to an exemplary embodiment of the present invention. Referringto FIG. 1, the DRM provision system 10 includes a packaging server 100,a download server 200, a license server 300, and a DRM provisionapparatus 400. The DRM provision system 10 may further include aportable storage device 500 using content registered by a contentprovider and storing content and its license by communicating with theDRM provision apparatus 400. The portable storage device 500 plays backcontent by being connected to a host device 600.

The content provider registers content, which is to be provided, with acontents management system (CMS). The CMS supports a function ofmanaging the registration, retrieval, and deletion of a product(content) and a function of setting rights. In addition, the contentprovider registers meta information of content in order to distributethe content to users who desire to use the content, sets usage rights ofthe content for service business application, and decides the price ofthe content.

The packaging server 100 performs a first packaging process and a secondpackaging process on real content registered in the CMS by the contentprovider and generates dummy content and a DRM packaging file. Here,packaging denotes an encryption process for protecting content. Thedummy content denotes a file required to receive a license for each DRM(such as Microsoft (MS) DRM and Open Mobile Alliance (OMA) DRM).

That is, the packaging server 100 packages content in order to supportthe MSDRM and the OMA DRM. The first and second packaging processes willbe described in detail later with reference to FIG. 3.

The download server 200 provides (downloads) content requested by a userto the DRM provision apparatus 400. In this case, the downloaded contentis the real content encrypted by the packaging server 100 and the dummycontent. The operation of downloading content will be described indetail later with reference to FIG. 5.

The license server 300 issues (provides) a license for using theencrypted real content. Here, the license is issued based on informationregarding the dummy content. The operation of receiving a license willbe described in detail later with reference to FIG. 6.

The DRM provision apparatus 400 provides content (e.g., the encryptedreal content and the dummy content) received from the download server200 and the license server 300 to the portable storage device 500. TheDRM provision apparatus 400 may be a kiosk, a personal computer (PC), aportable multimedia player (PMP), a settop box, or a mobile phone. Theoperation of the DRM provision apparatus 400 will be described in detaillater with reference to FIG. 7.

The portable storage device 500 stores the encrypted content, the dummycontent, and the license provided by the DRM provision apparatus 400.The portable storage device 500 includes a non-volatile memory, such asa flash memory, which can read, write and erase data, and is capable ofperforming a predetermined computation on data. In addition, theportable storage device 500 can easily be connected to or disconnectedfrom the host device 600. Examples of the portable storage device 500include a smart media, a memory stick, a CompactFlash (CF) card, anextreme Digital (xD) card, and a multimedia card (MMC). The operation ofthe portable storage device 500 will be described in more detail laterwith reference to FIG. 8.

Meanwhile, the encrypted content, the dummy content, and the license mayalready be stored in the portable storage device 500.

For example, a user may purchase the portable storage device 500 storingthe encrypted content, the dummy content and the license, and use theencrypted content, the dummy content and the license already stored inthe portable storage device 500. That is, the user can purchase aportable storage device storing predetermined content and always use thecontent on the host device 600.

The host device 600 can be connected to the portable storage device 500and can play back a content object by using a license and a rightsobject. The host device 600 may be a portable content playback device,such as a mobile phone, a personal digital assistant (PDA) or an MP3player, or a fixed content playback device such as a desktop computer ora digital television (TV). The operation of the host device 600 will bedescribed in more detail later with reference to FIG. 9.

FIG. 2 illustrates a license binding structure of the DRM provisionsystem 10 according to an exemplary embodiment of the present invention.The DRM provision system 10 uses a different structure from that of arelated DRM system which binds encrypted content to a license on aone-to-one basis.

Referring to FIG. 2, the related DRM system binds encrypted content anda license file for each DRM. Therefore, for 1 Gbyte of video, a memorywith a capacity of n times 1 Gbyte is required.

On the other hand, the DRM provision system 10 according to the presentinvention provides a piece of encrypted real content and a bundle ofapproximately 5 Kbytes of encrypted dummy content and a license file foreach DRM. Therefore, content provided by the DRM provision system 10does not require a large memory space as in the related DRM system.

That is, the DRM provision system 10 according to the present inventionhas a hierarchical structure so that it can run both on a handset loadedwith MSDRM and another handset loaded with OMA DRM.

When the related DRM system searches for a license in order to play backcontent, it reads a license ID (LID) or a content ID (CID) specified ina DRM handset of encrypted content and searches a license storagedatabase (DB) or file for a corresponding license.

However, the DRM provision system 10 does not directly bind encryptedreal content to a corresponding license in order to support both theMSDRM and the OMA DRM. Instead, the DRM provision system 10 includesdummy content between the encrypted real content and the correspondinglicense.

For example, if the host device 600 has the MSDRM, the DRM provisionsystem 10 reads the ID of dummy content from encrypted real content andthen searches for the dummy content protected by the MSDRM.

Then, if a file encrypted using the MSDRM is selected from the dummycontent, the DRM provision system 10 obtains an LID from a header of acorresponding piece of dummy content and obtains a license from alicense storage DB or file. The dummy content has a content format whichcan be played back or listened to by users. However, the dummy contentmerely serves as a medium by which the encrypted real content and thelicense can be bound to a number of versions of the DRM system. Thelicense bound to the dummy content is a file that sets the rights forthe encrypted real content. Meanwhile, the same process described aboveis applied to handsets loaded with the OMA DRM system and other DRMsystems.

FIG. 3 illustrates the operation of the packaging server 100 included inthe DRM provision system 10 according to an exemplary embodiment of thepresent invention.

The packaging server 100 encrypts real content by performing the firstand second packaging processes on the real content and generates dummycontent and a DRM packaging file.

The first packaging process will now be described. The first packagingprocess includes a first operation of registering real content, a secondoperation of generating a DRM header, a third operation of generating acontent encryption key (CEK), and a fourth operation of encrypting thereal content.

Specifically, if a content provider registers real content with a CMS,the packaging server 100 generates a DRM header of the registered realcontent. The DRM header includes various forms of metadata that canexplain content characteristics such as a dummy content name associatedwith encrypted content. In addition, information contained in the DRMheader uses information registered with a metadata DB of the CMS, and adummy content file name is automatically generated based on an uniformresource identifier (URI) registered with the CMS. In addition, thedummy content file name is composed of an English string with no morethan 255 English characters.

The structure of the DRM header generated by the packaging server 100will now be described with reference to FIG. 4.

Referring to FIG. 4, DRM type is recorded in a signature field of a DRMheader, and a filename of dummy content is recorded in a filename lengthfield. A DRM encryption algorithm is recorded in a DRM header lengthfield, and DRM version information is recorded in a DRM header field. Inaddition, option information is recorded in a padding field, informationregarding content length is recorded in a data length field, and contentdata information is recorded in a content data field.

Referring back to FIG. 3, the packaging server 100 generates a CEK inorder to encrypt the registered real content. In order to generate a CEK(indicated by reference character CEK_(R)) of the registered realcontent, the packaging server 100 generates a 16 byte-CEK using a seedvalue and base64-encodes the generated 16 byte-CEK. Here, the seed valueuses a real-time session key value. While ‘real-time’ time information,when content is packaged, is used in the present exemplary embodiment, arandom number table separately managed or other values may also be used.For example, certain music files, such as a musical instrument digitalinterface (MIDI), may be stored in a DB in the form of a random numbertable and may be used as CEK_(R) for encrypting certain real content. Inthis case, CEK_(R) is reproducible content.

Next, the real content is encrypted using the generated DRM header,CEK_(R) and a symmetric key algorithm, and thus the encrypted realcontent is generated. The symmetric key algorithm uses an AES 128-bitalgorithm and may also use other symmetric key algorithms.

If the first packaging process is completed, the second packagingprocess is performed. The second packaging process includes a firstoperation of generating dummy content, a second operation of generatinga CEK of the dummy content, and a third operation of packaging the dummycontent. The dummy content is not reproducible data, such as music or amovie, but an intermediate file for generating a license that sets therights of encrypted content and binding the license to the encryptedcontent. If certain music files were used as CEK_(R) in the firstpackaging process, the dummy content may be reproducible content.

Target dummy content of DRM packaging, which is to be supported, isautomatically generated using CEK_(R) that was used to encrypt the realcontent. Here, the body of the dummy content includes CEK_(R).

For example, the OMA DRM generates dummy content in an MP3 format. Thus,the dummy content has a payload as a CEK. In addition, the MSDRMgenerates dummy content in a Windows Media Audio (WMA) format. The MSDRMcan generate dummy content not only in the WMA format but also inWindows Media Video (WMV) and Advanced Systems Format (ASF) formats.Also, the OMA DRM can generate dummy content in various formats.

Next, after generating the dummy content in the second packaging processthe packaging server 100 generates a CEK in order to encrypt the dummycontent. The CEK of the dummy content is indicated by referencecharacter CEK_(D).

FIG. 5 illustrates the operation of downloading content using the DRMprovision system 10 according to an exemplary embodiment of the presentinvention.

Referring to FIG. 5, a user or a registration server checks whether theuser's portable storage device 500 has been registered. Then, the userselects content that the user desires to purchase in a web page throughthe Internet and requests the download server 200 to download theselected content (operation {circle around (1)}).

Accordingly, the download server 200 requests a user authenticationserver (not shown) to authenticate information (provided by, forexample, the portable storage device 500) requested by the user. If theportable storage device 500 is not registered with the userauthentication server, the user's request for downloading the selectedcontent is rejected. That is, the download server 200 downloads therequested content only after the user registers the portable storagedevice 500 with the user authentication server.

Next, the download server 200 prepares the requested content, i.e.,encrypted content and dummy content to be downloaded (operation {circlearound (2)}). The encrypted content is a file, such as a moving pictureor music, which is copyrighted, and the dummy content is a file bound toa license for a content file or to a rights object.

The download server 200 transmits the content requested by the user tothe DRM provision apparatus 400 (operation {circle around (3)}), and theDRM provision apparatus 400 downloads the received content to theportable storage device 500 (operation {circle around (4)}).

Then, the downloaded content (i.e., the encrypted content and the dummycontent) is stored in a content DB. Since the encrypted content itselfdoes not have a license, the license server 300 can be accessed onlywhen the encrypted content exists together with the dummy content.

FIG. 6 illustrates the operation of receiving a license using the DRMprovision system 10 according to an exemplary embodiment of the presentinvention. After content is downloaded, a user has to receive a licensefor the content in order to use the content. The license includes a CEKfor decrypting the content as well as various rights for the content. Inthe present exemplary embodiment, the operation of obtaining a licenseusing Windows Media (WM) DRM will be described.

The DRM provision apparatus 400 analyzes a DRM header of dummy content(operation {circle around (1)}). By analyzing the DRM header, the DRMprovision apparatus 400 obtains URI information required to request theissuance of a license and a key ID (KID) value required to search forthe license.

Then, the DRM provision apparatus 400 generates challenge data using theDRM header and a device certificate (operation {circle around (2)}) andtransmits the generated challenge data to the license server 300 using ahypertext transfer protocol (HTTP)-post method (operation {circle around(3)}). The challenge data includes the DRM header and the devicecertificate and is base64-encoded.

The license server 300 base64-decodes the received challenge data andobtains the KID by analyzing the DRM header. Then, the license server300 searches for a CEK that matches the obtained KID, encrypts the CEKusing a public key included in the device certificate, and inserts theencrypted CEK into the license (operation {circle around (4)}). Here,the CEK is encrypted using an elliptic curve cryptography (ECC)asymmetric key encryption method.

The license server 300 base64-encodes the generated license andtransmits the base64-encoded license to the DRM provision apparatus 400(operation {circle around (5)}). A transmission method used here is adirect license acquisition (DLA) method. The DRM provision system 10suggested in the present invention transmits the encoded license usingthe DLA method.

The DRM provision apparatus 400 provides the base64-encoded license tothe portable storage device 500, and the portable storage device 500stores the base64-encoded license.

FIG. 7 is a block diagram of the DRM provision apparatus 400 included inthe DRM provision system 10 according to an exemplary embodiment of thepresent invention.

Referring to FIG. 7, the DRM provision apparatus 400 includes a contentdownload unit 410, a license management unit 420, a preview provisionunit 430, and a processing unit 440.

The content download unit 410 downloads content from the download server200, and the downloaded content is stored in the portable storage device500. The downloaded content includes encrypted real content and twopieces of dummy content (e.g., OMA DRM- *.dcf and MS-DRM- *.wma), whichare managed together as a single piece of complex content.

The license management unit 420 receives a license (or a rights object)from the license server 300 so that a user can use the downloadedcontent. A license transmitted using an OMA DRM method and a licensetransmitted using an MS DRM method are stored in respective storageareas for licenses.

For example, an OMA rights object is stored in a rights object DB, andan encrypted storage space is configured and used in order to preventrights from being arbitrarily accessed or modified. In addition, an MSDRM rights object is stored in a hash storage unit.

The preview provision unit 430 provides the content, which wasdownloaded by the content download unit 410 at the request of the user,on a preview screen.

The processing unit 440 manages the operation of each of the contentdownload unit 410, the license management unit 420, and the previewprovision unit 430 included in the DRM provision apparatus 400. Inaddition, the processing unit 440 provides the real content and thedummy content downloaded by the content download unit 410 and a licenseof the dummy content provided by the license management unit 420 to theportable storage device 500.

The term ‘unit’, as used herein, means, but is not limited to, asoftware or hardware component, such as a Field Programmable Gate Array(FPGA) or Application Specific Integrated Circuit (ASIC), which performscertain tasks. A unit may advantageously be configured to reside on theaddressable storage medium and configured to execute on one or moreprocessors. Thus, a unit may include, by way of example, components,such as software components, object-oriented software components, classcomponents and task components, processes, functions, attributes,procedures, subroutines, segments of program code, drivers, firmware,microcode, circuitry, data, databases, data structures, tables, arrays,and variables. The functionality provided for in the components andmodules may be combined into fewer components and units or furtherseparated into additional components and units.

FIG. 8 is a block diagram of the portable storage device 500 included inthe DRM provision system 10 according to an exemplary embodiment of thepresent invention.

Referring to FIG. 8, the portable storage device 500 includes storagespace, i.e., a tamper resistant module (TRM) area 510, a DRM area 520,and a user access area 530.

The TRM area 510 stores DRM security information. That is, the TRM area510 stores a serial number of the portable storage device 500, apublic/private key, a certificate, a device group key, etc. for eachDRM.

The TRM area 510 may be created when the portable storage device 500 ismanufactured. Alternatively, the TRM area 510 may be written once whenthe portable storage device 500 is first used after being purchased. Inthis case, the TRM area 510 can be written after being authenticated bya network server. For security, it is desirable to create the TRM area510 in advance when the portable storage device 500 is manufactured. TheTRM area 510 is where data can be read only. The data stored in the TRMarea 510 can be read using a particular application programminginterface (API) that accesses the portable storage device 500.

The rights to access the data recorded in the TRM area 510 must be givenonly to a DRM agent (not shown), and an external user must be prohibitedfrom moving or changing the data.

The DRM area 520 stores encrypted dummy content and a license file (or arights object). Even if the DRM area 520 is open to the outside, nosecurity problem arises. However, if a user of the portable storagedevice 500 accesses the DRM area 520 and removes or changes a filetherein, a fatal problem to the operation of the DRM agent may arise.Such a file is stored in the DRM area 520. In addition, the DRM area 520can be accessed using an API provided by the DRM agent or a particularportable storage device.

The user access area 530 stores encrypted real content, such as video oraudio, which can actually be played back. General users can arbitrarilyread or write content in the user access area 530.

FIG. 9 illustrates the operation of the host device 600 included in theDRM provision system 10 according to an exemplary embodiment of thepresent invention. In the present exemplary embodiment, it is assumedthat the host device 600 also performs the function of the DRM provisionapparatus 400 and includes the portable storage device 500. In thepresent exemplary embodiment, the operation of playing back encryptedcontent using an MS DRM agent is described.

Referring to FIG. 9, if a user selects desired content (operation{circle around (1)}), the content download unit 410 determines whetherDRM has been applied to a selected file. If the selected file isencrypted content, the content download unit 410 searches for a filenameof dummy content in order to search for a license of the encryptedcontent (operation {circle around (2)}). Here, the filename of the dummycontent is read from the DRM header.

Next, URI information required to request the issuance of the licenseand a KID required to search for the license are obtained by analyzingthe DRM header (operation {circle around (3)}). Then, the licensemanagement unit 420 searches for the license stored in the DRM area 520of the portable storage device 500 using the obtained KID (operation{circle around (4)}).

If it turns out that the license does not exist or has expired, thelicense management unit 420 requests the license server 300 to issue alicense through a license downloading process. If the license managementunit 420 obtains the license from the DRM area 520 of the portablestorage device 500, it transmits the obtained license to the host device600.

The host device 600 reads a decryption key CEK_(D) of the dummy contentincluded in the license. Since the decryption key CEK_(D) of the dummycontent is encrypted using a public key, the encrypted decryption key isdecrypted using a private key stored in the TRM area 510. Consequently,the decryption key CEK_(D) is obtained. Then, the dummy content isdecrypted, and thus CEK_(R) of the encrypted real content is obtained(operation {circle around (5)}).

Next, the encrypted real content is decrypted using CEK_(R), and a fileis played back (operation {circle around (6)}). The real content hasbeen encrypted using the symmetric key (e.g., AES 128-bit) algorithm.

If the encrypted real content is normally played back, the host device600 requests the license management unit 420 to update the license (forexample, update a playback count) (operation {circle around (7)}).

FIG. 10 illustrates the operation of receiving DRM content using a kioskincluded in the DRM provision system 10 according to an exemplaryembodiment of the present invention. First of all, a user has toregister the portable storage device 500 before downloading contentusing the kiosk. The kiosk is an exemplary embodiment of the DRMprovision apparatus 400.

The user connects the portable storage device 500 (e.g., an MMC) to aportable storage device interface or universal serial bus (USB)interface of the kiosk, selects desired content and its license typefrom a product list of the kiosk, and makes a purchase request(operation {circle around (1)}).

Next, the kiosk identifies the portable storage device 500 that the userconnected thereto. The kiosk includes a table that matches a user IDwith a serial number of the portable storage device 500. Therefore, thekiosk searches the table for the user ID based on the serial number ofthe portable storage device 500 connected thereto (operation {circlearound (2)}). Alternatively, the kiosk may perform an authenticationprocess through a network server.

Referring to the internal structure of the kiosk, the kiosk includes aTRM folder, a DRM folder, and a content folder. The TRM folder stores atable in which a user ID is matched with a serial number, and the DRMfolder stores a license and dummy content for each user ID. In addition,the content folder stores encrypted content.

The kiosk downloads content at a shared directory using Active X(operation {circle around (3)}). Here, real content and dummy contentare downloaded together.

If the content is downloaded, the kiosk obtains a license for thecontent selected by the user based on the found user ID. The process ofobtaining the license for the content from the license server 300 usingthe kiosk is identical to the process of obtaining a license describedabove with reference to FIG. 6, and thus a detailed description thereofwill be omitted.

Then, the kiosk provides a preview of the downloaded content (operation{circle around (4)}). If the user selects a [Playback] function on apurchase screen of the kiosk, a preview screen appears. Here, if theuser selects a content type to preview, a content list is displayed. Ifthe user selects the [Playback] function on the right of the contentlist, a preview function is executed. For the preview function, theencrypted real content is decrypted. Since the operation of decryptingencrypted content has been described above with reference to FIG. 9, adetailed description thereof will be omitted.

If the preview function is completed, the license for the contentselected by the user based on the found user ID, the dummy content, andthe encrypted content are transmitted to the portable storage device500, and thus the purchasing process of the content is completed(operation {circle around (5)}).

As described above, a DRM provision apparatus, system, and methodaccording to the present invention provide at least one of the followingadvantages.

Since a content provision system is implemented using one or more DRM(MSDRM, OMA DRM, and the like) systems, it can provide content packagedusing a unified encryption algorithm.

In addition, DRM content, which can be played back by host deviceshaving different DRM systems, can be provided.

Regardless of an encoding format of copyrighted real content, multi-DRMpackaging is provided for content in all formats. Therefore, there is noneed for a content provider to spend additional money to encode content.

While the present invention has been particularly shown and describedwith reference to exemplary embodiments thereof, it will be understoodby those of ordinary skill in the art that various changes in form anddetails may be made therein without departing from the spirit and scopeof the present invention as defined by the following claims. Theexemplary embodiments should be considered in descriptive sense only andnot for purposes of limitation.

1. A digital rights management (DRM) provision apparatus comprising: acontent download unit which downloads encrypted real content and dummycontent from a download server and manages the downloaded real contentand dummy content; a license management unit which manages a licenseissued by a license server; and a processing unit which manages thedownloaded real content and dummy content and the issued license.
 2. Theapparatus of claim 1, wherein a packaging server generates the encryptedreal content and the dummy content through a first packaging process anda second packaging process.
 3. The apparatus of claim 1, wherein thelicense server generates an encrypted license based on informationregarding the dummy content.
 4. The apparatus of claim 1, wherein theprocessing unit provides the downloaded real content and dummy contentand the issued license to a portable storage device.
 5. The apparatus ofclaim 1, further comprising a preview provision unit which provides thedownloaded real content and dummy content on a preview screen.
 6. ADigital Rights Management (DRM) provision system comprising: a packagingserver which performs a first packaging process and a second packagingprocess on unencrypted real content and which generates encrypted realcontent and dummy content respectively; a download server whichdownloads the encrypted real content and the dummy content; a licenseserver which generates and issues a license for the encrypted realcontent; and a DRM provision apparatus which receives and manages theencrypted real content, the dummy content, and the license.
 7. Thesystem of claim 6, wherein the first packaging process comprises: (a)registering the real content; (b) generating a DRM header of the realcontent; (c) generating a content encryption key (CEK) in order toencrypt the real content; and (d) encrypting the real content.
 8. Thesystem of claim 6, wherein a symmetric key method is used in the firstpackaging process.
 9. The system of claim 6, wherein the secondpackaging process comprises: (a) generating the dummy content; (b)generating a CEK of the dummy content; and (c) packaging the dummycontent.
 10. The system of claim 6, wherein the dummy content isgenerated for each DRM.
 11. The system of claim 6, wherein the licenseserver generates an encrypted license based on information regarding thedummy content.
 12. The system of claim 6, wherein the DRM provisionapparatus comprises: a content download unit which downloads theencrypted real content and the dummy content from the download serverand manages the downloaded real content and dummy content; a licensemanagement unit which receives a license issued for the encrypted realcontent from the license server; and a processing unit which providesthe downloaded real content and dummy content and the issued license toa portable storage device.
 13. The system of claim 6, further comprisinga portable storage device which receives the encrypted real content, thedummy content, and the license from the DRM provision apparatus bycommunicating with the DRM provision apparatus and storing the receivedreal content, dummy content and license.
 14. The system of claim 13,wherein the portable storage device comprises a tamper resistant module(TRM) area, a DRM area, and a user access area.
 15. The system of claim13, further comprising a host device connected to the portable storagedevice and playing back the encrypted real content.
 16. A Digital RightsManagement (DRM) provision method comprising: receiving encrypted realcontent and dummy content; and receiving a license issued for theencrypted real content.
 17. The method of claim 16, wherein a packagingserver generates the encrypted real content and the dummy contentthrough a first packaging process and a second packaging process. 18.The method of claim 17, wherein the first packaging process comprises:(a) registering the real content; (b) generating a DRM header of thereal content; (b) generating a Content Encryption Key (CEK) in order toencrypt the real content; and (c) encrypting the real content.
 19. Themethod of claim 17, wherein a symmetric key method is used in the firstpackaging process.
 20. The method of claim 17, wherein the secondpackaging process comprises: (a) generating the dummy content; (b)generating a CEK of the dummy content; and (c) packaging the dummycontent.
 21. The method of claim 16, wherein the license is generatedbased on information regarding the dummy content.
 22. The method ofclaim 16, further comprising decrypting the encrypted real content usingthe license.
 23. The method of claim 22, wherein the decrypting of theencrypted real content comprises: analyzing a DRM of the dummy contentand obtaining a key ID (KID); obtaining a license using the KID;obtaining the CEK of the dummy content included in the license; anddecrypting the dummy content using the CEK of the dummy content and thenobtaining a CEK of the encrypted real content.
 24. The method of claim16, wherein the dummy content is generated for each DRM.
 25. The methodof claim 16, wherein the encrypted real content, the dummy content, andthe license are stored in a portable storage device via a DRM provisionapparatus.
 26. The apparatus of claim 2, wherein the first packagingprocess comprises: (a) registering the real content; (b) generating aDRM header of the real content; (c) generating a content encryption key(CEK) in order to encrypt the real content; and (d) encrypting the realcontent.
 27. The apparatus of claim 4, wherein the portable storagedevice comprises a tamper resistant module (TRM) area, a Digital RightsManagement (DRM) area, and a user access area.
 28. The system of claim6, wherein the encrypted real content is decrypted using the license.